Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20160325194453.GA18823@openwall.com>
Date: Fri, 25 Mar 2016 22:44:53 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: James Morris <jmorris@...ei.org>
Subject: Re: [ANNOUNCE] Linux Security Summit 2016 - CFP

On Fri, Mar 25, 2016 at 09:55:41AM +1100, James Morris wrote:
>                  ANNOUNCEMENT AND CALL FOR PARTICIPATION
> 
>                        LINUX SECURITY SUMMIT 2016

Those who have been on oss-security for a while surely are wondering why
this CFP was accepted, despite of our policy to reject any and all CFPs.
No, this one didn't get through because of a moderation bypass, as was
the case for some others (and usually the senders were removed from the
moderation bypass as a result).  I actually approved it, for the first
time in several years of no approved CFPs, and now I have to explain why.

And no, this doesn't mean CFPs are now OK to send in here.  Please don't.

Normally, the boilerplate rejection message for non-spam (not off-topic)
CFPs sent to oss-security is as follows:

---
http://oss-security.openwall.org/wiki/mailing-lists/oss-security says
"Please don't post conference CFPs and (e-)magazine calls for articles."

The list members have previously expressed that they do not want to see
CFPs on the list.  While this one is more relevant than most that we
receive, it'd require a followup posting to explain why an exception was
made, and it might result in yet another (anti-)CFP discussion on the
list, as well as in an increase of CFPs sent to us.  For now, we're just
rejecting all CFPs as part of list policy.  I guess this CFP will also
be posted to Bugtraq, full-disclosure, and other places - and that's
just sufficient.

That said, postings with links to papers, slides, videos on Open Source
security topics (and on specific vulnerabilities in Open Source software) -
perhaps after the conference - may be approved.
---

This time, I don't mind actually doing this "followup posting to explain
why an exception was made" (as well as to discourage further CFPs sent
in here).

Linux Security Summit is relevant to both security and open source at
once, unlike most other events which are focused on one or the other.
Also new this year is Linux kernel self-protection appearing on and
rising to the top of the desired topics list:

>   Topic areas include, but are not limited to:
>   
>     * Kernel self-protection

I just went and checked last year's - the trend was already there, but
it was "System hardening" rather than literally "Kernel self-protection"
that time:

http://kernsec.org/wiki/index.php/Linux_Security_Summit_2015#Call_for_Participation

This is arriving 15-20 years late, but better late than never.
I welcome this change of focus.

For those interested in the topic, I recommend joining the
kernel-hardening mailing list:

http://www.openwall.com/lists/kernel-hardening/

The recent reincarnation of the project was announced here:

http://www.openwall.com/lists/kernel-hardening/2015/11/05/1

and since then the list is quite active again (~200 messages per month).

As to further oss-security postings on LSS or/and other open source
security events, please send in here primarily the outcomes of such
events - info on decisions made (new projects started, etc.), links to
papers, slides, videos.  Content that is actually useful to the majority
of subscribers rather than to the few who would seriously consider
attending a particular event (yet only learn of it from here).

What I am seeing on most mailing lists that accept CFPs (and in
oss-security moderation queue) is that conference organizers tend to
send CFPs to lots of places, but then don't bother sharing the
conference proceedings, slide decks, videos, etc. as widely... and next
year there's another CFP.  For most subscribers, who don't actually
attend most of these events, this is just noise.  So, once again, I'd
like this skewed to generally useful content, please.

For those who are active on oss-security, it's OK to mention a
particular upcoming event (relevant only) in a brief P.S. below their
signature (a few lines only) in some other on-topic message that you
would be posting anyway (preferably in a short one, so the extra/bonus
content is seen).  As long as this trick is not abused, we will likely
be approving such messages for their main content, as usual.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.